CN1426639A - Methods and apparatus for controlling internet protocol traffic in WAN and LAN - Google Patents

Publication number: CN1426639A
Authority: CN (China)
Prior art keywords: node, network, service, local activity, activity node
Legal status: Pending
Application number: CN 01808489
Other languages: Chinese (zh)
Inventor: 金伯利R·皮科克
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02: Standardisation; Integration
    • H04L41/0213: Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003: Managing SLA; Interaction between SLA and QoS

Abstract

Methods and apparatus for controlling traffic in a communications network (Fig 5) include providing a plurality of local active nodes and a master node wherein the local active nodes poll network equipment associated with them and transmit information about network utilization to the master active node. Periodically the master active node transmits network status information to the local active nodes. The local active nodes may also query the master active node about network status. Hosts coupled to a local active node query the node for network status.

Description

Methods and apparatus for controlling Internet protocol traffic in WAN and LAN
This application claims the benefit of provisional application Ser. No. 60/184,758, filed February 23, 2000, the complete disclosure of which is incorporated herein by reference.
Background of the invention
1. Field of the invention
The present invention relates to communication networks that use the Internet Protocol (IP). More particularly, it relates to methods and apparatus for controlling the transmission of IP packets through a network.
2. Prior art
The prior art described in the following documents is excerpted below; these excerpts formed part of the above-mentioned provisional application and are part of its disclosure:
Murphy, David M., Building an Active Node on the Internet, MIT, May 1997.
"An active IP network integrates two very different network programming models, one based on the IP packet model and one based on the active network packet model. This report shows how these two models can be integrated into a single node, making it an active IP node, and how an active IP node can be integrated into an IP network. It also offers some preliminary ideas about the constraints that network designers face when constructing active protocols for heterogeneous networks of active and non-active IP nodes. By using a model of constant and variable processing, the integration of the active and IP architectures yields a clean and simple node design and implementation. In addition, some of the mechanisms proposed in this report, such as protected buffers, provide various safety restrictions that aid integration. Finally, this report presents some preliminary performance results which, combined with the above features, suggest that the active IP platform will appeal to researchers who wish to study application-specific protocols on the Internet."
Legedza, Ulana; Wetherall, David J., and Guttag, John, Improving the Performance of Distributed Applications Using Active Networks, IEEE Infocom, San Francisco, April 1998.
"An active network permits applications to inject customized programs into network nodes. This allows faster protocol innovation by making it easier to deploy new network protocols, even over the wide area. In this paper, we argue that the ability to introduce active protocols offers important opportunities for improving the end-to-end performance of distributed applications. We begin by describing several active protocols that provide new network services and discussing the impact of these services on end-to-end application performance. We then discuss two active protocols whose performance we studied, a service and a reliable multicast. One protocol supports batch and other interactive applications as far as possible. Finally, we analyze the performance of these protocols relative to baseline non-active protocols. The results clearly demonstrate that the introduction of active protocols tailored to the needs of specific applications can significantly improve application performance."
Wetherall, David J.; Legedza, Ulana and Guttag, John, Introducing New Internet Services: Why and How, IEEE Network Magazine, Special Issue on Active and Programmable Networks, July 1998.
"Active networks permit applications to inject programs into the nodes of local and, more importantly, wide area networks. This supports faster service innovation by making it easier to deploy new network services. In this paper, we discuss both the potential impact of active network services on applications and how such services can be built and deployed. We explore the impact by suggesting sample uses and arguing how such uses would improve application performance. We explore the design of active networks by presenting a novel architecture, ANTS, that adds extensibility at the network layer and allows for the incremental deployment of active nodes within the Internet. In doing so, ANTS tackles the challenge of ensuring that the flexibility offered by active networks does not adversely affect performance or security. Finally, we demonstrate how a new network service may be expressed in ANTS."
Network Working Group, Request for Comments: 2475, December 1998.
This document defines an architecture for implementing scalable service differentiation in the Internet. The architecture achieves scalability by aggregating traffic classification state, which is conveyed by IP-layer packet marking using the DS field [DSFIELD]. Packets are classified and marked to receive a particular per-hop forwarding behavior on nodes along their path. Sophisticated classification, marking, policing and shaping operations need only be implemented at network boundaries or hosts. Network resources are allocated to traffic streams by service provisioning policies that govern how traffic is marked and conditioned on entry to a differentiated-services-capable network, and how that traffic is forwarded within the network. A wide variety of services can be implemented on top of these building blocks.
The differentiated services architecture specified in this document can be contrasted with other existing models of service differentiation. We classify these alternative models into the following categories: relative priority marking, service marking, label switching, Integrated Services/RSVP, and static per-hop classification. Examples of the relative priority marking model include IPv4 Precedence marking as defined in [RFC791 <http://www.faqs.org/rfcs/rfc791.html>], 802.5 Token Ring priority [TR], and the default interpretation of 802.1p traffic classes [802.1p]. In this model the application, host, or proxy node selects a relative priority or "precedence" for a packet (for example, delay or discard priority), and the network nodes along the transit path apply the appropriate priority forwarding behavior according to the priority value in the packet header. Our architecture can be considered a refinement of this model, since we specify more clearly the role and importance of boundary nodes and traffic conditioners, and since our per-hop behavior model permits more general forwarding behaviors than relative delay or discard priority.
"An example of a service marking model is IPv4 TOS as defined in [RFC1349 <http://www.faqs.org/rfcs/rfc1349.html>]. In this example each packet is marked with a request for a 'type of service', which may include 'minimize delay', 'maximize throughput', 'maximize reliability', or 'minimize cost'. Network nodes may select routing paths or forwarding behaviors that are suitably engineered to satisfy the service request. This model is subtly different from our architecture. Note that we do not describe the use of the DS field as an input to route selection. The TOS markings defined in [RFC1349 <http://www.faqs.org/rfcs/rfc1349.html>] are very generic and do not span the range of possible service semantics. Furthermore, the service request is associated with each individual packet, whereas some service semantics may depend on the aggregate forwarding behavior of a sequence of packets. The service marking model does not easily accommodate growth in the number and range of future services (since the codepoint space is small) and involves configuration of the 'TOS->forwarding behavior' association in each core network node. Standardizing service markings implies standardizing service offerings, which is outside the scope of the IETF. Note that provisions are made in the allocation of the DS codepoint space to allow for locally significant codepoints that a provider may use to support service marking semantics [DSFIELD]."
"Examples of the label switching (or virtual circuit) model include Frame Relay, ATM, and MPLS [FRELAY, ATM]. In this model path forwarding state and traffic management or QoS state is established for traffic streams on each hop along a network path. Traffic aggregates of varying granularity are associated with a label switched path at an ingress node, and packets/cells within each label switched path are marked with a forwarding label that is used to look up the next-hop node, the per-hop forwarding behavior, and the replacement label at each hop. This model permits finer-granularity resource allocation to traffic streams, since label values are not globally significant but are significant only on a single link; resources can therefore be reserved for the aggregate of packets/cells received on a link with a particular label, and the label switching semantics govern the next-hop selection, allowing a traffic stream to follow a specially engineered path through the network. This improved granularity comes at the cost of the additional management and configuration needed to establish and maintain the label switched paths. In addition, the amount of forwarding state maintained at each node scales in proportion to the number of edge nodes of the network in the best case (assuming multipoint-to-point label switched paths), and in proportion to the square of the number of edge nodes in the worst case, when edge-to-edge label switched paths with provisioned resources are employed."
"The Integrated Services/RSVP model relies on traditional datagram forwarding in the default case, but allows sources and receivers to exchange signaling messages that establish additional packet classification and forwarding state on each node along the path between them [RFC1633 <http://www.faqs.org/rfcs/rfc1633.html>, RSVP]. In the absence of state aggregation, the amount of state on each node scales in proportion to the number of concurrent reservations, which can be large on high-speed links. This model also requires application support for the RSVP signaling protocol. Differentiated services mechanisms can be used to aggregate Integrated Services/RSVP state in the core of the network [Bernet]."
"A variant of the Integrated Services/RSVP model eliminates the requirement for hop-by-hop signaling by using only 'static' classification and forwarding policies that are implemented in each node along a network path. These policies are updated on administrative timescales and not in response to the instantaneous mix of microflows active in the network. The state requirements for this variant are potentially worse than those encountered when RSVP is used, especially in backbone nodes, since the number of static policies that might be applicable at a node over time may be larger than the number of active sender-receiver sessions that might have installed reservation state on a node. Although the support of large numbers of classifier rules and forwarding policies may be computationally feasible, the management burden of installing and maintaining these rules on every node of a backbone network that a traffic stream might traverse is substantial."
"Although we contrast our architecture with these alternative models of service differentiation, it should be noted that links and nodes employing these techniques may be used to extend differentiated services behaviors and semantics across a layer-2 switched infrastructure (for example, 802.1p LANs, Frame Relay/ATM backbones) interconnecting DS nodes, and in the case of MPLS may be used as an alternative intra-domain implementation technology. The constraints imposed by the use of a specific link-layer technology in particular regions of a DS domain (or in a network providing access to DS domains) may imply the differentiation of traffic on a coarser-grained basis. Depending on the mapping of PHBs to different link-layer services and the way in which packets are scheduled over a restricted set of priority classes (or virtual circuits of different category and capacity), all or a subset of the PHBs in use may be supportable (or may be indistinguishable)."
Network Working Group, Internet Draft, Multiprotocol Label Switching Architecture, February 2000.
"This Internet draft defines the architecture for Multiprotocol Label Switching (MPLS)."
"Packet headers contain considerably more information than is needed simply to choose the next hop. Choosing the next hop can therefore be thought of as the composition of two functions. The first function partitions the entire set of possible packets into a set of 'Forwarding Equivalence Classes (FECs)'. The second maps each FEC to a next hop. Insofar as the forwarding decision is concerned, different packets that are mapped into the same FEC are indistinguishable. All packets that belong to a particular FEC and travel from a particular node will follow the same path (or, if certain kinds of multi-path routing are in use, they will all follow one of a set of paths associated with the FEC)." Rosen, Viswanathan & Callon [Page 4], Internet Draft draft-ietf-mpls-arch-ob.txt, August 1998.
"In conventional IP forwarding, a particular router will typically consider two packets to be in the same FEC if there is some address prefix X in that router's routing tables such that X is the 'longest match' for each packet's destination address. As the packet traverses the network, each hop in turn re-examines the packet and assigns it to a FEC. In MPLS, the assignment of a particular packet to a particular FEC is done just once, as the packet enters the network. The FEC to which the packet is assigned is encoded as a short fixed-length value known as a 'label'. When a packet is forwarded to its next hop, the label is sent along with it; that is, packets are 'labeled' before they are forwarded. At subsequent hops, there is no further analysis of the packet's network layer header. Rather, the label is used as an index into a table that specifies the next hop and a new label. The old label is replaced with the new label, and the packet is forwarded to its next hop."
The known mechanisms for carrying IP packets over ATM networks are summarized below. These mechanisms include Classical IP, LANE, MPOA and MPLS.
Classical IP over ATM (CIP) allows existing IP users to migrate to ATM as the underlying data transport technology while still using existing applications designed for legacy IP systems. To this end, the ATM network is divided into logical IP subnets (LISs) that communicate with one another through routers.
LANE operates at the MAC layer and can be used with any layer 3 protocol. By contrast, Classical IP over ATM works only with IP.
The ATM Forum defined Multiprotocol over ATM (MPOA) to overcome the major drawback of LANE and CIP: these protocols require hosts on different subnets (ELANs or LISs) to communicate through intermediate routers, which significantly slows packet throughput, because each router must reassemble the cells into layer 3 packets for routing and then segment the packets into cells again for forwarding. MPOA allows clients in different subnets to set up direct VCCs, also known as shortcuts, and to forward packets directly between them at layer 3 without reassembly and segmentation by any intermediate router. Within a subnet, MPOA uses LANE.
MPOA provides a distributed virtual router. The edge devices that connect the ATM subnet to legacy LAN segments are somewhat analogous to the interface cards of the virtual router. The entire ATM network connecting the edge devices is the forwarding backplane of the virtual router. The packet forwarding function is separated from the route computation function, which is performed by a route server.
In the MPLS model, every router is also a switch. In addition to the usual layer 3 header, packets destined for a shortcut carry a fixed-length label. MPLS allows shortcuts to be established according to a number of criteria, such as destination IP address, class of service and policy, allowing reasonably scalable network engineering. MPLS is not tied to ATM; instead, it defines shortcut operation over any link layer technology that supports fixed-length labels.
The discontinuous intelligence of current packet networks illustrates a basic limitation on using heavily loaded networks to provide next-generation services that require high bandwidth and/or real-time transmission. The lack of overall coordination across network layers and services is a very serious drawback. The basic problems include:
1. Limited ability to provide services efficiently to a large number of clients
2. Limited ability to provide high-level service monitoring
3. Increased cost and complexity of adding network equipment
4. Overloading of network equipment CPUs with service, policy, traffic engineering, routing and switching functions
5. Network equipment overload that degrades quality of service (QoS) and impairs QoS-sensitive traffic.
With current practice, an intranet architecture can provide or guarantee quality of service (QoS), provide Internet Protocol (IP) service management, or provide the extensibility to accommodate new applications. However, current practice fails to deliver all three of these goals in one integrated solution. Providing high quality of service requires the emulation of a circuit-switched network, in which resources are reserved before the requested transmission takes place. Technologies such as Asynchronous Transfer Mode (ATM), however, do not deliver the range of IP services, because ATM cannot natively route IP or match itself to the IP address structure. Active networks, for their part, allow network components to be configured dynamically, letting the network adapt to the goals of a specific application. But although active networks have advantages on a packet-by-packet basis, they cannot determine the overall network resource requirements of the intranet.
Current practice in IP networks provides an architecture for coarsely differentiated packet flows on a best-effort system. Common Open Policy Service (COPS) provides a client/server arrangement between a policy manager and network components. This architecture allows the Integrated Services (IntServ) policies expected by applications to be mapped at the access layer onto Differentiated Services (DiffServ), with differentiated services provided in the core. The basic design of this architecture does not guarantee end-to-end QoS. Hosts transmit on a best-effort basis, with policy decisions being processed in the edge router (ER).
Current practice in ATM networks provides an architecture in which intermediate IP forwarding is inefficient, sacrificing the end-to-end QoS of ATM transport. In IP routing, every router assigns each packet to a forwarding equivalence class (FEC). With Multiprotocol Label Switching (MPLS), the assignment to an FEC is made once, when the packet enters the network. The FEC is then encoded as a short fixed-length value called a label, and the label is sent with the packet at each hop. When the packet reaches the next node on the path, the label is used as an index into a lookup table at that node, which supplies a new label. The old label is swapped for the new one and the packet is forwarded. By mapping MPLS labels to ATM VPI/VCI values, MPLS integrates the core functions of IP routing with ATM switching. However, MPLS shares the limitation of the IntServ/DiffServ architecture: hosts transmit on a best-effort basis, with policy decisions being processed in the label edge router (LER).
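The label-swapping behaviour described above can be traced in a few lines. The following is an added example, not code from the patent or from the MPLS draft; the node names, prefixes and label values are constructed, and `classify` and `forward` are hypothetical helper names.

```python
import ipaddress

# Constructed ingress FEC table: destination prefix -> initial label.
INGRESS_FEC = {
    "10.1.0.0/16": 100,
    "10.1.2.0/24": 200,
    "0.0.0.0/0": 300,
}

# Constructed per-node label tables: incoming label -> (next hop, outgoing label).
# An outgoing label of None means the label is removed before the egress node.
LABEL_TABLES = {
    "LSR-A": {100: ("LSR-B", 17), 200: ("LSR-C", 42), 300: ("LSR-B", 18)},
    "LSR-B": {17: ("EGRESS-1", None), 18: ("EGRESS-2", None)},
    "LSR-C": {42: ("EGRESS-1", None)},
}


def classify(dst, fec_table=INGRESS_FEC):
    """Longest-prefix match, done once at the ingress. Returns (prefix, label)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, label in fec_table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    if best is None:
        raise LookupError(f"no FEC for {dst}")
    return str(best[0]), best[1]


def forward(dst, first_hop="LSR-A", max_hops=8):
    """Carry a packet along its label switched path.

    Returns (fec, trace, egress) where trace lists (node, in_label, out_label).
    After classification the destination address is never inspected again:
    each node only indexes its table with the incoming label.
    """
    fec, label = classify(dst)
    node, trace = first_hop, []
    for _ in range(max_hops):
        if label is None:          # label was removed by the previous hop
            return fec, trace, node
        table = LABEL_TABLES.get(node, {})
        if label not in table:     # unknown label: the packet cannot be forwarded
            raise LookupError(f"{node}: no entry for label {label}, packet dropped")
        next_hop, out_label = table[label]
        trace.append((node, label, out_label))
        node, label = next_hop, out_label
    raise RuntimeError("hop limit exceeded (label loop)")


if __name__ == "__main__":
    for dst in ("10.1.2.9", "10.1.9.9", "192.0.2.1"):
        print(dst, forward(dst))
```

Two destinations inside the same prefix produce identical traces, which is the sense in which packets of one FEC are indistinguishable to the forwarding plane.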
Summary of the invention
To overcome these problems, what is required is an architecture centered on network intelligence that allows the activity of hosts and network components to be changed. According to the present invention, the following measures are taken:
1. Collect information about resource availability from the network
2. Bring data acquisition into a database together with policy/service management
3. Give hosts intelligence in the form of software agents so that they can communicate with, and respond to, an external service node
4. Develop programs that can make the best decisions for the whole network based on the information supplied by hosts and the database
5. Develop a service/policy signaling protocol that provides the necessary communication among service nodes, hosts and network components, so that hosts and network components can be operated according to the service node's decisions.
An object-oriented database can be developed to store basic network information. Objects can be matched to many variables, including management information bases (MIBs), host requests, IP multicast addressing, IP and ATM addressing, or service-specific information. The database can use hierarchical addressing and routing tables to produce optimal decisions in a time-efficient manner. Within the external service node, a service/policy program that uses the information stored in these databases can make decisions about the best use of the network, given host requests and network availability. Each host can be provided with a software agent that allows it to interact with the service node and to notify the service node of any transmission parameters it requests. Communication among hosts, service nodes and network components is provided by a service/policy signaling protocol, which carries the integrated signaling intelligence across the packet network.
This architecture allows added intelligence to be placed at the host, and ties services to the decisions of the service/policy program through the above protocol. It also allows seamless and efficient large-scale service monitoring. Usage can be tracked over time, together with the type of service used, allowing future services to be selected intelligently and processed in a distributed manner.
This architecture allows the practice of delivering services to clients to be changed on a large scale. Consider a few general examples in which clients can be given better service. A client requests a web page. The software agent installed on the host computer uses the signaling protocol to send information to the service node, notifying it of the server to be contacted to access the web page. A program in the service node reads data from the database and decides on the availability of resources for accessing the web page. The service node may determine that the resources are unavailable, that the resources can be made available by controlling network components, or that the resources are available. If it determines that the resources are indeed unavailable, it can send the equivalent of a busy signal. If, however, the resources can be made available by controlling network components, a decision is made and the signaling protocol is used to interact with the necessary network components. In this way routers, switches, routing protocols, transport protocols and so on can be controlled so that the required resources are provided for the request. Once this is complete, the signal can be given for the web page whose content the client wishes to view. The service node can thus respond to host requests.
In addition, through the decision-making capability of the service/policy program, the service node can respond in advance to potential problems in the network. Using the signaling protocol, the program's decisions can be conveyed to hosts to control their network activity. For example, the program may decide that hosts must back off the transmission of a certain class of service in order to relieve congestion in the network. The software agent in the host carries out that request. Similarly, the service/policy program may decide that a network component must tap, back off or apply a different traffic control policy. Traffic control can be determined intelligently and centrally in the service node and carried out at all the appropriate points in the network.
With this architecture, the delivery of video services can become very advanced. Because video transmission is both real-time and high-bandwidth, large-scale, high-quality (QoS) delivery is very difficult. This architecture will improve service management features and greatly improve policy/traffic control capabilities. Extensive use of IP multicast across large geographic areas is necessary for those who wish to deliver "cable television" over a packet environment. Managing IP multicast, digital direction insertion, and the tracking of user requests is a great challenge. This architecture will carry request information from hosts, store that information in a central database, and allow the service/policy program to make and carry out decisions about delivery, logging and billing. It can track IGMP join points and leaf nodes, allowing efficient, integrated service and policy management. This lets a provider determine intelligently whether point-to-point or multicast video delivery is more efficient given the state of the whole network. Moreover, because hosts' service requests are tracked continuously, a comprehensive view, including the popularity of program content and notices, is available. This lets a provider optimize both network resources and the programming offered to clients.
Brief description of the drawings
Fig. 1 is a schematic flow diagram showing host-local node interaction according to the invention;
Fig. 2 is a schematic flow diagram showing local node-master node interaction according to the invention;
Fig. 3 is a schematic flow diagram showing local node-network equipment interaction according to the invention;
Fig. 4 is a schematic flow diagram showing a public Internet web server architecture according to the invention; and
Fig. 5 is a diagram showing the relationship among hosts, local nodes, the master node and network equipment according to the invention.
Detailed description of the preferred embodiments
The network active intelligence control system (NAICS) according to the invention provides hierarchical management for an intranet architecture. It comprises software agents in the hosts and two levels of active nodes responsible for policy enforcement and service management. A signaling protocol developed for active node interaction, AIPv6, provides communication between hosts and active nodes. AIPv6 is a simple request and response protocol that can be used to exchange policy and service information between an active node and its clients. AIPv6 uses options, which are designed to support predefined optional processing as well as dynamically defined optional processing. The two-level hierarchy of active nodes serves two purposes. First, by using AIPv6 queries and responses among hosts, local nodes and the master node, policy and service decisions can be distributed across the network. Second, the architecture allows the collection of statistics, which supplies the data for service and policy decisions, to be distributed across the network. The architecture divides this work between local active nodes and a master active node. A local active node collects SNMP polling information within a defined region, while the master active node aggregates the polling information from the local active nodes in its own region. The master active node forwards key information to the local nodes and answers local nodes' requests for additional information as required. Local nodes enforce policy decisions by sending SNMP messages that configure the network equipment.
The NAICS architecture allows the hosts themselves to signal the local active node with AIPv6 queries. The local active node responds with a definitive result for the host's query, guaranteeing the service and transmission parameters in accordance with the service level agreement and network usage. The service and transmission parameters conveyed by the active node are guaranteed across the entire intranet.
Current practice with active nodes provides distributed intelligence for hosts and network equipment, but does not provide an architecture for top-down policy and service management of an intranet. With active nodes, applications define paths, and processing at the active network nodes that forward their messages takes the place of IP forwarding. Applications distribute part of their processing into the network. In active networks, current practice uses an architecture in which the network equipment shares the tasks of AIPv6 processing and forwarding. The NAICS architecture divides these tasks and moves policy and service management into a separate structure of local and master active nodes. Network equipment in the intranet forwards packets according to the SNMP signaling of the local active node.
Advantages of NAICS in DSL/WAN Networks
Current practice in Digital Subscriber Line (DSL)/wide area network (WAN) networks provides CPE modem/router equipment, DSL access multiplexers, multiple management devices, and layer 2/3 aggregation and core ATM switching. This architecture interconnects end users' computers and connects end users to a wide area network that provides public Internet access. However, service and policy management tasks lack central control, because they are carried out in disparate devices.
End users forward traffic to the CPE modem/router to which they are connected, and that modem/router sends the information over the local copper loop to the DSL access multiplexer. Dynamic provisioning of network resources is not possible. That is, an end user's request cannot immediately configure the network devices along the circuit of that request. Transmission must rely on predefined parameters. Non-conforming traffic is penalized with possible drops or delay. End-user notification occurs only through reliance on transport-layer protocols such as the Transmission Control Protocol. The end user lacks a comprehensive mechanism for determining service or transmission state.
In current practice, service management is carried out by many different management devices. Remote Authentication Dial-In User Service (RADIUS) servers provide authentication, authorization and accounting (AAA) services, which track users and are critical, technically and administratively, to the provisioning of DSL service. Domain Name System (DNS) servers provide lookup services for domain-name information. DNS service is critical for simple and effective Internet access. The Dynamic Host Configuration Protocol (DHCP) allows a server to assign IP addresses to end users dynamically. DNS and DHCP are usually integrated into network devices. Service connection management mechanisms provision DSL end-user connections, associate users with DSL services, monitor SNMP traps and access errors, and perform fault, configuration, accounting, performance and security (FCAPS) functions. Current practice is characterized by many independent devices that are not optimized for interoperation and cohesive service delivery.
The best current mechanism for policy management in DSL/WAN networks is the implementation of the Common Open Policy Service (COPS). COPS provides a client/server configuration between the policy manager and network components. From the edge of the network, best-effort policy can be enforced according to a centralized policy server. However, this architecture provides signaling between the edge routers and the policy server; no signaling exists between the hosts of the DSL network and the central server. The multiple devices that provide service management cannot be integrated into this policy management architecture. Moreover, none of the technologies in current DSL service practice can adapt dynamically to new and different application needs.
Service providers attempt to authorize and allocate resources for specific applications according to their DSL/WAN users. At present, the best practice is for network devices to allow a user to signal a service management server, which authorizes and accounts for the value-added service provided. The user requests the service through a GUI, queries and responds to the service manager, and receives authorization for the service. The server can signal for the transmission of the specific application. The server cannot establish policy requirements with the requesting host. In current practice, such decisions occur at the network edge.
In the Network Active Intelligence Control System (NAICS), network requests are predetermined yet enforced by a dynamically adaptive mechanism. In current practice, hosts transmit on a best-effort basis and receive AAA from servers separate from the policy and forwarding functions. NAICS uses software agents in the host computer. These software agents contain a database that maps application types to transmission and service parameters. The code of the requested application is matched with the codes representing transmission and service parameters. These parameters signal a particular host's service and policy needs to the control system. The host transmits an Advanced IPv6 (AIPv6) packet to the local active node. The local active node responds to the host with a variable that is stored in a software cache at the local node and mapped to the sender's IP address. The host responds to the local active node with a transmission based on the variable assigned by the node; the codes it carries represent the transmission and service parameters required by the application. The local active node stores the variable, resource and destination IP address in a table. An interpreter makes decisions based on the contents of this table. A database in the local active node stores critical information for the implementation of services and for policy decisions, including SNMP network application, IP routing tables, Private Network-Network Interface (PNNI) routing tables, Internet Group Management Protocol (IGMP), value-added applications, AAA, DNS and DHCP. The local active node transmits the decision to the waiting host by means of codes contained in an AIPv6 packet. On the basis of the decision made, the local active node reconfigures network devices using SNMP "get". The transmission of this SNMP "get" provisions the host's request for specific transmission and service parameters.
The AIPv6 query and response mechanism between host and local active node corrects the lack of interaction, in current practice, between hosts and the various service management devices and between hosts and policy management devices.
AIPv6 queries and responses allow local active nodes and master active nodes to synchronize network utilization information in a scalable manner. Through SNMP, the local active node determines current network utilization by polling network devices. For a limited number of devices and hosts, a single local active node is sufficient to poll network utilization information and to respond to end-user requests. In large networks, such as DSL/WAN, multiple local active nodes must be employed to accomplish this task, and a higher-level device is needed to synchronize the activity of the local active nodes. The master active node responds to queries from local active nodes to ensure this synchronization. At fixed intervals, the master node receives AIPv6 packets from the local active nodes. At fixed intervals, the master node transmits AIPv6 packets containing critical network utilization information forwarded from other local active nodes. When a local active node signals an AIPv6 query requesting additional network information, the master node responds with an AIPv6 packet that supplies the necessary information.
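The following Python sketch models one synchronization interval of the two-tier hierarchy described above; it is an added example, not code from the patent. Device names, utilization figures, the 80% "critical" cut-off and the admission rule are constructed assumptions, and a dictionary stands in for the SNMP poll and the AIPv6 exchange.

```python
from dataclasses import dataclass, field

CRITICAL_PCT = 80  # assumed cut-off for "critical" utilization; the patent gives no figure


class MasterActiveNode:
    """Aggregates the polling data reported by the local active nodes in its area."""

    def __init__(self):
        self.reports = {}  # local node name -> {device: utilization %}

    def receive(self, node_name, stats):
        self.reports[node_name] = dict(stats)

    def critical_for(self, node_name):
        """Critical entries polled by the other local nodes, pushed at each interval."""
        return {dev: pct
                for other, stats in self.reports.items() if other != node_name
                for dev, pct in stats.items() if pct >= CRITICAL_PCT}

    def query(self, node_name, device):
        """Answer a local node's request about a device polled by another local node."""
        for other, stats in self.reports.items():
            if other != node_name and device in stats:
                return stats[device]
        return None


@dataclass
class LocalActiveNode:
    name: str
    area: dict  # constructed stand-in for SNMP poll results: device -> utilization %
    polled: dict = field(default_factory=dict)
    pushed: dict = field(default_factory=dict)

    def poll_and_report(self, master):
        self.polled = dict(self.area)
        master.receive(self.name, self.polled)

    def utilization(self, device, master):
        """Return (percent, source): own poll, then pushed data, then a query to the master."""
        if device in self.polled:
            return self.polled[device], "local"
        if device in self.pushed:
            return self.pushed[device], "pushed"
        return master.query(self.name, device), "queried"

    def admit(self, path, demand_pct, master):
        """Assumed policy: admit a host request only if every hop stays at or below 100%."""
        for device in path:
            pct, _ = self.utilization(device, master)
            if pct is None or pct + demand_pct > 100:
                return False
        return True


def run_interval(master, local_nodes):
    """One fixed interval: locals report upward, then the master pushes critical data down."""
    for node in local_nodes:
        node.poll_and_report(master)
    for node in local_nodes:
        node.pushed = master.critical_for(node.name)


master = MasterActiveNode()
east = LocalActiveNode("east", {"dslam-e1": 35, "atm-core-1": 91})
west = LocalActiveNode("west", {"dslam-w1": 40, "rtr-w2": 55})
run_interval(master, [east, west])
```

After the interval, the west node already holds the congested core device that the east node polled, and it only has to query the master for the uncongested east-side device.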
This practice allows hosts to communicate directly with a service/policy management platform that registers network utilization, transmission and service parameters, so that host requests are enforced centrally. In contrast to the current practice of separate architectures for different platforms and functions, all service management and policy capabilities are carried out on a fixed platform. In this solution the DSL client uses a software agent containing a database, so that AIPv6 can signal the local and master control system with parameters that match the request according to service-level authorization and network capacity, thereby overcoming the current best-effort, edge-based service management architecture built on disparate platforms.
NAICS Web Server Architecture
NAICS policy provides dynamic policy decisions, rather than the current practice of statically applied, administratively determined firewalls. NAICS allows continuous monitoring, intermediate response and dynamic policy enforcement, ensuring that malicious traffic is filtered when an organization opens web server access to the Internet. The basic NAICS web server architecture has three components. The first component is an edge router, which connects the web server to a wide area network (WAN), local area network (LAN) or public network. This router interacts with the NAICS active node security platform, which mediates traffic between the router and the web server. The last component of the architecture is the web server, which can act as an active node.
The router forwards client requests to the NAICS active node security platform. The NAICS passively forwards the traffic it receives (for example, traffic from the network that passes through the router and is destined for the web server), unless those packets are AIPv6. AIPv6 packets are processed: the codes they contain are read and the necessary decisions are carried out. All other packets are forwarded transparently to the active-node-enabled web server. For these packets, the web server makes its decisions in a manner consistent with current practice. However, packets sent from the web server are compressed into AIPv6 packets. In its mediating role, the NAICS platform processes each AIPv6 packet transmitted from the web server to the router. The NAICS platform contains tables that allow it to read the contents of AIPv6 packets and record them in the corresponding table. This monitoring function is consistent with active nodes and is built on the basic capabilities of active nodes. Using an algorithm for monitoring activity determined to be consistent with distributed denial-of-service attacks, the NAICS platform records the packets transmitted from the web server and uses the algorithm to match against the table of records detailing those packets. The algorithm can execute predetermined scripts that control network devices. The NAICS platform uses two mechanisms to adapt network devices and correct effects that degrade network performance. Using a Telnet script interface, the NAICS platform reconfigures the router access list for traffic received at the web server. In the same way, the NAICS platform determines the source of the attack by executing a script of traceroute commands. Using the same mechanism for reconfiguring access lists, the NAICS platform can reconfigure the access list to include the entire address range of the router from which the attack originates. By blocking the entire address range from which the attack originates, this mechanism corrects for attackers who dynamically use new IP addresses. The second mechanism enables the NAICS platform to use AIPv6 packets to reconfigure the active-node-driven web server. The NAICS platform selects codes consistent with the script invoked for the denial-of-service attack. The AIPv6 packet transmits codes that reconfigure the web server's network parameters to control blocking of the IP addresses and TCP/UDP ports responsible for the distributed denial-of-service attack.
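The record, match and range-wide access-list steps described above, as an added Python example that is not code from the patent. The patent does not specify the matching algorithm, so the packet threshold, minimum source count, /24 range granularity and the IOS-style access-list syntax are assumptions, and the sample records use documentation address ranges and are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: (remote address, web server port) rows for one observation window.
WINDOW = (
    [("203.0.113.%d" % h, 80) for h in (5, 9, 17, 23, 42) for _ in range(40)]
    + [("198.51.100.7", 80)] * 12
    + [("192.0.2.30", 443)] * 8
)

PKT_THRESHOLD = 100  # assumed: packets per range per window that count as a flood
MIN_SOURCES = 3      # assumed: distinct addresses needed before a range is treated as one source
PREFIX_LEN = 24      # assumed granularity of "the entire address range"


def record(packets):
    """Record step: build the table of packet counts per remote address."""
    table = Counter()
    for src, _port in packets:
        table[ipaddress.ip_address(src)] += 1
    return table


def match(table):
    """Match step: return the address ranges whose aggregate activity crosses both thresholds."""
    per_range = defaultdict(lambda: [0, set()])
    for src, count in table.items():
        net = ipaddress.ip_network(f"{src}/{PREFIX_LEN}", strict=False)
        per_range[net][0] += count
        per_range[net][1].add(src)
    return sorted(net for net, (count, sources) in per_range.items()
                  if count >= PKT_THRESHOLD and len(sources) >= MIN_SOURCES)


def access_list(ranges, acl=101):
    """Render deny entries covering each whole range, followed by a permit for everything else."""
    lines = [f"access-list {acl} deny ip {net.network_address} {net.hostmask} any"
             for net in ranges]
    lines.append(f"access-list {acl} permit ip any any")
    return lines


def blocked(src, ranges):
    """True if an address falls inside any denied range, including addresses never seen before."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ranges)


if __name__ == "__main__":
    ranges = match(record(WINDOW))
    print("\n".join(access_list(ranges)))
    # An address the table never recorded is still covered by the range-wide entry.
    print("203.0.113.200 blocked:", blocked("203.0.113.200", ranges))
```

A range-wide deny also covers every unrelated client in that prefix, so the prefix length and thresholds decide how much legitimate traffic is lost.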
In this architecture, active node functionality can be offered to end users. A component in the web server enables hosts to download an active node software agent that optimizes transmission between the host and the web server. Traffic that passes from the router through the NAICS platform to the web server is likewise optimized through processing by the NAICS platform. The host transmits AIPv6 packets to the web server. These packets are processed by the NAICS platform, which mediates communication between the network and the web server. The NAICS platform reads the codes contained in the AIPv6 packet and processes the packet accordingly.
The foregoing describes and illustrates several embodiments of methods and apparatus for controlling Internet Protocol traffic in a WAN or LAN. While particular embodiments of the invention have been described, it is not intended that the invention be limited thereto; it is intended that the invention be as broad in scope as the art will allow and that the specification be read likewise. Those skilled in the art will therefore appreciate that other modifications could be made to the invention without departing from its spirit and scope as set out in the claims.

Claims (11)

1. An apparatus for controlling traffic in a communication network, comprising:
a) a master active node coupled to the network; and
b) a plurality of local active nodes coupled to the network, each said local active node having
i) means for polling network devices to determine current network utilization,
ii) means for sending queries to said master active node, and
iii) means for receiving responses from said master active node, wherein
one of said local active nodes sends a query to said master active node requesting information about network devices polled by other local active nodes.
2. The apparatus according to claim 1, wherein:
each said local active node has means for transmitting to said master active node information about the network devices it polls, and
said master active node has means for periodically transmitting network utilization information to said local active nodes.
3. The apparatus according to claim 2, wherein:
said local active nodes poll network devices via SNMP, and
said local active nodes communicate with said master active node via AIP.
4. The apparatus according to claim 1, further comprising:
c) a plurality of hosts coupled to each local active node, each host having means for sending queries to the local active node to which it is coupled.
5. The apparatus according to claim 4, wherein:
each said local active node has means for responding to queries from the hosts coupled to it.
6. A method for controlling traffic in a communication network, comprising:
a) coupling groups of network devices to local active nodes;
b) polling the network devices from the local active nodes to which they are coupled; and
c) transmitting information about network device utilization from the local active nodes to a master active node.
7. The method according to claim 6, further comprising:
d) sending a query from one local active node to the master active node to request information about network devices polled by other local active nodes.
8. The method according to claim 6, further comprising:
d) periodically transmitting network utilization information from the master active node to said local active nodes.
9. The method according to claim 6, wherein:
the local active nodes poll network devices via SNMP, and
the local active nodes transmit to the master active node via AIP.
10. The method according to claim 6, further comprising:
d) coupling a plurality of hosts to each local active node;
e) sending a network status query from a host to the local active node to which it is coupled.
11. The method according to claim 10, further comprising:
f) responding to the host's query from the local active node coupled to the host.
CN 01808489 2000-02-23 2001-02-22 Methods and apparatus for controlling internet protocol traffic in WAN and LAN Pending CN1426639A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US18475800P 2000-02-23 2000-02-23
US60/184,758 2000-02-23

Publications (1)

Publication Number Publication Date
CN1426639A true CN1426639A (en) 2003-06-25

Family

ID=22678217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 01808489 Pending CN1426639A (en) 2000-02-23 2001-02-22 Methods and apparatus for controlling internet protocol traffic in WAN and LAN

Country Status (7)

Country Link
EP (1) EP1264431A1 (en)
JP (1) JP2003524994A (en)
CN (1) CN1426639A (en)
AU (1) AU2001241664A1 (en)
CA (1) CA2407557A1 (en)
EA (1) EA004189B1 (en)
WO (1) WO2001063809A1 (en)

Also Published As

Publication number Publication date
CA2407557A1 (en) 2001-08-30
JP2003524994A (en) 2003-08-19
EA200200896A1 (en) 2003-02-27
AU2001241664A1 (en) 2001-09-03
EP1264431A1 (en) 2002-12-11
EA004189B1 (en) 2004-02-26
WO2001063809A1 (en) 2001-08-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1056799

Country of ref document: HK